Report: Mac malware threat still tiny

Virus writers finally paid some attention to Macs in 2010, with several new types of malware appearing to puncture the myth of the platform’s security invulnerability, security company Intego has reported in its annual review.

The numbers are still tiny and hard to meaningfully compare to PC equivalents, but it does look as if there has recently been a modest rise in the sophistication of Mac malware.

Perhaps the most interesting was October’s Koobface/Bonnana variant, which installed a malicious Java applet using social media sites to spread infection. This gained more attention for its cross-platform capabilities, targeting Mac, Windows and even Linux users, and holds a warning for the future: malware writers might start using Java more often to “weaponize” browser malware for a range of platforms and not only Windows.

Intego also mentions the appearance of backdoor malware, called HellRTS, and an unnamed ransomware program that both appeared during the year, but both of these are rated as proof-of-concept malware rather than as live threats. Meanwhile, older threats seem to hang around longer than they would in the PC world, including the DNS-tampering malware from 2007, RSPlug.

The company goes on to document a clutch of Mac OS X and iPhone iOS vulnerabilities plus some affecting vendors such as Adobe, Microsoft and Mozilla’s Firefox.

None of this should be tremendously frightening for Mac users. The Intego report runs to five pages, about the length of the table of contents alone on many Windows security reports which have appeared this month. Mac malware is still a small threat in absolute let alone relative terms.

Significant in 2010, however, was the uptick in the number of free Mac antivirus programs, including one from Sophos, which set out to address what is undoubtedly still the platform’s software underbelly—many Mac users don’t run an antivirus program at all.

It could also be that Mac security issues are under-reported, which leads to an underestimation of the problem. If many Mac users have no relationship with a security company through using antivirus software, they won’t show up in statistics when they do hit trouble.